An indictment filed Wednesday in federal court in Ohio may answer some of those questions. It alleges Fruitfly was the creation of an Ohio man who used it for more than 13 years to steal millions of images from infected computers as he took detailed notes of what he observed. Prosecutors also said defendant Phillip R. Durachinsky used the malware to surreptitiously turn on cameras and microphones, take and download screenshots, log keystrokes, and steal tax and medical records, photographs, Internet searches, and bank transactions. In some cases, Fruitfly alerted Durachinsky when victims typed words associated with porn. The suspect, in addition to allegedly targeting individuals, also allegedly infected computers belonging to police departments, schools, companies, and the federal government, including the US Department of Energy.

Creepware

The indictment, filed in US District Court for the Northern District of Ohio's Eastern Division, went on to say that Durachinsky developed a control panel that allowed him to manipulate infected computers and view live images from several machines simultaneously. The indictment also said he produced visual depictions of one or more minors engaging in sexually explicit conduct and that the depiction was transported across state lines. He allegedly developed a version of Fruitfly that was capable of infecting Windows computers as well. Prosecutors are asking the court for an order requiring Durachinsky to forfeit any property he derived from his 13-year campaign, an indication that he may have sold the images and data he acquired to others.

Wednesday's indictment largely confirms suspicions first raised by researchers at antivirus provider Malwarebytes, who in January 2017 said Fruitfly may have been active for more than a decade. They based that assessment on the malware's use of libjpeg—an open-source code library that was last updated in 1998—to open or create JPG-formatted image files. The researchers, meanwhile, identified a comment in the Fruitfly code referring to a change made in the Yosemite version of macOS and a launch agent file with a creation date of January 2015. Use of the old code library combined with mentions of recent macOS versions suggested the malware was updated over a number of years.

More intriguing still at the time, Malwarebytes found Windows-based malware that connected to the same control servers used by Fruitfly. The company also noted that Fruitfly worked just fine on Linux computers, arousing suspicion there may have been a variant for that operating system as well.

Last July, Patrick Wardle, a researcher specializing in Mac malware at security firm Synack, found a new version of Fruitfly. After decrypting the names of several backup domains hardcoded into the malware, he found the addresses remained available. Within two days of registering one of them, almost 400 infected Macs connected to his server, mostly from homes in the US.

While Wardle did nothing more than observe the IP addresses and user names of the infected Macs that connected, he had the same control over them as the malware creator. Wardle reported his findings to law enforcement officials. It's not clear if Wardle's tip provided the evidence that allowed authorities to charge the defendant or if Durachinsky was already a suspect.

According to Forbes, which reported the indictment, Durachinsky was arrested in January of last year and has been in custody ever since. Forbes also reported that Durachinsky was charged in a separate criminal complaint filed in January 2017 that accused him of hacking computers at Case Western Reserve University in Cleveland, Ohio. The suspect has yet to enter a plea in the case brought Wednesday. It's not clear if he has entered a plea in the earlier complaint.

It's also not yet clear how Fruitfly managed to infect computers. There's no indication it exploited vulnerabilities, which means it probably relied on tricking targets into clicking on malicious Web links or attachments in e-mails. Wednesday's indictment provided no details about the Windows version of Fruitfly or whether Linux computers were targeted as well.

Promoted Comments

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

I use painters' tape. It's similar to masking tape, and is designed to leave NO residue.

I want to know - was he able to activate the camera *without* activating the green LED light? I can't think of any mac in the last 10 years that had a built in camera without an activation light.

I have only two takeaways from this:

- Either hundreds of people over 13 years ignored the green camera active light coming on at strange times. (If I typed in a sex searchword then saw the camera light come on my mac, I'd investigate with great vigour.)

- Or he has devised a hitherto unknown way of deactivating the camera light (which IIRC we were told is hardwired into the camera and 'can't be turned off').

183 Reader Comments

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

gaffer's tape might do the trick. I use electrical myself and live with the goop

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

I use painters' tape. It's similar to masking tape, and is designed to leave NO residue.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

Either gaffers tape if you have some on hand, or vinyl tape if you don't want to drop $20 on a roll of tape you're just going to use a tiny square of. Either is easy to remove and won't leave residue unless they're left on for very long periods of time (And even then, the residue comes off easily).

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone?

It will take more than tape to block the microphone.

Also beware most Macs have an ambient light sensor near the camera which you do not want to block.

I used to use sticky notes, but these days I don't bother. If somebody gets malware on my computer the camera is the last thing I'm worried about to be honest. The key logger and access to files is the real concern.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

I use painters' tape. It's similar to masking tape, and is designed to leave NO residue.

It's designed to leave no residue if you remove it before the paint has fully dried (removing tape after paint dries will ruin the paint job, since some of the paint will lift off with the tape).

Leave painters tape on a long time and it can require sandpaper to remove in my experience — never mind goop, half the bloody tape ends up stuck to the wall after you rip it off.

Wow, this guy is disgusting. I feel dirty just reading about what he's done. And for 13 years?!?

The guy is a total sleazebag, without a doubt; but the part of the story that should really make you feel soiled is that allegedly a single person, of probably superior but not astonishing capability, has managed to keep a botnet running for 13 years before being caught.

If Team Security is doing that good a job one can only wonder how many others there are; never mind what the people who can actually afford an adversarial R&D team are up to.

Wow, this guy is disgusting. I feel dirty just reading about what he's done. And for 13 years?!?

The guy is a total sleazebag, without a doubt; but the part of the story that should really make you feel soiled is that allegedly a single person, of probably superior but not astonishing capability, has managed to keep a botnet running for 13 years before being caught.

If Team Security is doing that good a job one can only wonder how many others there are; never mind what the people who can actually afford an adversarial R&D team are up to.

Perhaps because he chose to stay 'under the radar', so to speak, not stealing sums of money, but mostly just images. When money goes missing folks investigate with much vigor.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

Use a red hot steel poker and every time you go to use the camera, remember that you aren't the narcissist the world wants you to be and you are better off without it.

Psst, Apple laptops have a glass screen and people sometimes like to use webcams.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone?

It will take more than tape to block the microphone.

Also beware most Macs have an ambient light sensor near the camera which you do not want to block.

I used to use sticky notes, but these days I don't bother. If somebody gets malware on my computer the camera is the last thing I'm worried about to be honest. The key logger and access to files is the real concern.

You would think!! Surprisingly duct or gaffa tape actually works ridiculously well. You just have to find the thing, (Ifixit guides are good for that). Make sure the mike is fully covered, the sound preference panel gives you a mic output level to test with.

The good news is few run the same computer more than say six years. But in Linux, you tend to preserve /home, so maybe you kept the virus. Windows isn't quite that easy, but people do transfer files to another drive prior to a new OS, so who knows.

The deal with cameras is they need firmware uploaded when booting. That is what the virus infects. I've put Windows cameras on Linux and had to use dd to extract the firmware from the Windows driver. I assume these hackers pull the firmware in a similar way and analyze it, disassemble, etc. The LED to indicate the camera is on is controlled by software.

I've disabled my microphone in my notebook in the BIOS, but Linux finds it anyway.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

Painter's tape. It's blue, cheap, and sold at Home Depot and other places. It's designed not to leave tape residue. It's probably as good as you're going to be able to get.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone? I've used 3M Super 33 electrical tape specifically because it's used to hold handlebar tape on bicycles without sliding and leaving goop. But.... it leaves goop all over gorilla glass.

Use a red hot steel poker and every time you go to use the camera, remember that you aren't the narcissist the world wants you to be and you are better off without it.

Right, because only narcissists use FaceTime to talk to their families...

This guy maintained a piece of malware designed for macOS and maintained the botnet, for 13 years, through umpteen near-total rewrites of huge parts of the operating system and probably only got caught due to luck? AND, the malware worked just fine on Linux? This guy's walking out of the courtroom and into an office at Langley.

The really scary thing is this may have been in use for a decade and no one knew about it. All of Apple's protections against malware were completely and utterly ineffective for this for years and years.

For one thing, we can't say that their protections were ineffective. All we know is it appears he did it over a period of time but it's possible he had to keep finding new exploits to gain access with periods of inactivity. This depends how good he is at the exploit stuff, to be sure, and is also not guaranteed.

Thing is, though, any computer probably has thousands of vulnerabilities waiting to be exploited. Reference the decade long existence of Meltdown and Spectre for just the most recent example. This means if you're online, any sufficiently motivated person can gain access to your system no matter how much you work to lock it down.

Can anyone recommend an easy to peel off, no goop residue, tape, to tape over the front camera and the microphone?

It will take more than tape to block the microphone.

The problem is that hardware vendors refuse to do the one thing that could solve all of this. A true hardware on/off switch that physically disconnects a circuit for both the mic and camera when in the off position (no software hack will work-around a switch that physically disconnects the power circuit). So simple, and yet nobody seems to do this one simple thing to solve the issue of spying via built-in mics and cameras.

As for the method of infection. Well, nothing will ever stop that type of attack. The biggest headache for anyone in security has always been the end-user.
